How To Add 2-Factor Authentication Login To Your WordPress Sites

by Paul G.

1 Flares 1 Flares ×

iControlWP Logo 250pxA couple of weeks ago we released our brand new security plugin for WordPress.

Today’s upgrade adds the easiest Two-Factor Login Authentication option for WordPress available.

Read on to find out why this rocks, and 3 huge reasons you should have this on your blog today!

What is 2-Factor Authentication login for WordPress?

First, what is 2-factor authentication?

Two-Factor Authentication is where, after you log into a website or service, that service will try to verify that you really are the person you say you are.

This verification can be done in several ways… most common is email-based two-factor authentication.  Typically you’ll log into the web service and they’ll send you an email with a link to verify yourself.  You click this link and you’re in.

And that’s 2-factor authentication in a nutshell.

Would you like to have the same level of protection on your WordPress site?

Now you can, with the WordPress Simple Firewall plugin for WordPress.

Why is 2-Factor Authentication so important for WordPress?

There are couple of big reasons why this is good for you and your websites’ security:

1. Protection against brute force WordPress login account cracking

Brute force attacks work by repeatedly, very quickly, trying to log into an account using a username and a series of guessed passwords.

When 2-factor authentication is put in place, the attacker can never gain access to your WordPress account and will never know if a login was successful or not.  They can of course gain access if they have access to your email account, but by then, you probably have far greater problems to worry about.

2. Ability close any unattended session.

If you log in from 1 location, and leave this signed-in or unattended, simply logging in from another location will cause the other session to be terminated as soon as it’s used.

3. Reduce account sharing and abuse.

Since only 1 IP address may assigned to a given username, and this is in effect assigned to 1 email address, account sharing and abuse, depending on your systems, is reduced.

How 2-Factor Authentication works with the WordPress Simple Firewall plugin

At the time of writing the plugin has 2 main pieces of functionality:

  1. A Firewall.
  2. WordPress Login Protection.

The WordPress Login Protection feature handles the Two-Factor authentication (amongst other things).

It works by linking 2 pieces of information:

  1. WordPress Login Username
  2. Connecting IP Address

It will create a dedicated database table on your site to which it will store the combination of IP addresses and usernames.  When the feature is enabled, all users on the site must have a corresponding and verified IP address.

When a user successfully logs into the site from a new/unrecognised IP address, it will send an email to your registered email address.  This email will contain a verification link that you must click in order to verify the IP address and your username.

Once this is done, any previously registered IP addresses for that username will be invalidated – that is, only one IP address may be associated to a user at any time.

How to activate 2-Factor Authentication on your WordPress site

WordPress Simple Firewall Menu

WordPress Simple Firewall Menu

When you install and activate the plugin, a new menu will appear on your WordPress sidebar called “Simple Firewall”. This will have a sub-menu item called “Login Protect”.

Clicking this will load an options page and you’ll first need to activate the Login Protection feature, and then enable the “Two-Factor Authentication” option, and save.

Immediately, the system will start analysing logged-in users, including you, and log you out of WordPress once it detects that your username doesn’t have a registered IP address.

Simply re-login into your site, click the link in the verification email you receive, and once again, log into your site.

You wont need to verify yourself again until your IP address changes.

Protect your WordPress site today from Brute Force attacks

This WordPress plugin is simple to use, and to protect your site against brute force attacks requires no expertise and no practically ZERO configuration steps. You just turn it on!

← Previous Article:

→ Next Article:

{ 0 comments… add one now }

Leave a Comment

{ 1 trackback }

Take Back Control Of WordPress Today